Additional Fraud Prevention Checks
Fraud prevention is crucial in electronic signing workflows to ensure the authenticity and integrity of digital documents. To enhance security measures, we have implemented additional fraud check mechanisms. They are:
By recording the IP address of the signer, we can verify the geographic location and detect suspicious activities. This information helps identify potential fraudulent attempts and provides an extra layer of validation.
Adding 2FA (a second factor of authentication) to eSigning introduces one extra step: signers must provide a mobile/email OTP as the second authentication factor. They receive a unique OTP on their registered mobile number or email and enter it to complete the eSigning process. This reduces the risk of unauthorized access by confirming the user's legitimacy. 2FA is especially beneficial for non-DSC based eSignatures, as it authenticates the signer and prevents misuse or fraud.
We have introduced a secure and tamper-proof timestamping mechanism that allows verification of the document's signing time. This feature prevents any unauthorized changes to the document after the signature is applied.
For Aadhaar e-Sign, if additional validations like name, gender, and year of birth match are chosen, and there is a mismatch with the provided contract details, a popup will prompt the user. To restart the signing process, the user needs to click on 'Go back and sign again'.
There are 4 scenarios:
- Name Match Validation - You can perform a validation by comparing the entered name with the name retrieved from Aadhaar using a name match score threshold. If the match score is below the threshold, the e-signing process will not be completed.
- Name & Year of Birth Match Validation - In addition to validating the name match, you can also verify the year of birth. The year of birth either matches exactly or does not match. Therefore, if the name match score exceeds the threshold but the year of birth doesn't match, the e-signing process will not be completed.
- Name & Gender Match Validation - You can also verify the gender in addition to validating the name match. The gender either matches exactly or does not match. Hence, if the name match score exceeds the threshold but the gender does not match, the e-signing process will not be completed.
- Name, Gender & Year Of Birth Validation - In addition to validating the name match, you can also verify the gender and year of birth. Each of the gender and year of birth either matches exactly or does not match. If the name match score exceeds the threshold but either the gender or year of birth, or both, do not match, the e-signing process will not be completed.
Furthermore, for the year of birth and gender matches to be considered, the name match threshold must be met.
To enable the year of birth and gender matches, set the parameters “allowSignerYOBMatch” = true and “allowSignerGenderMatch” = true respectively.
The popup will only show fields for which the corresponding parameters have been provided. In the 'What we got from Aadhaar E-sign' section, any mismatches will be highlighted in red. If there are no mismatches, it will be displayed in blue.
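The decision logic of the four scenarios above, as an added example that is not the product's own code. The scoring function (difflib similarity on a 0-100 scale), the SignerDetails type, and the rule that a score equal to the threshold counts as met are assumptions; only the two parameter names come from this page.

```python
from dataclasses import dataclass
from difflib import SequenceMatcher


@dataclass
class SignerDetails:  # hypothetical container, not a product type
    name: str
    gender: str
    year_of_birth: int


def name_match_score(expected: str, actual: str) -> float:
    """Assumed scorer: 0-100 similarity on case/whitespace-normalised names."""
    def norm(s: str) -> str:
        return " ".join(s.lower().split())
    return 100.0 * SequenceMatcher(None, norm(expected), norm(actual)).ratio()


def validate_signer(contract, aadhaar, name_threshold,
                    allowSignerYOBMatch=False, allowSignerGenderMatch=False):
    """Return (signing_allowed, mismatched_fields)."""
    if name_match_score(contract.name, aadhaar.name) < name_threshold:
        # Name gate failed: year of birth and gender are not considered.
        return False, ["name"]
    mismatches = []
    # Year of birth and gender are exact matches, checked only when enabled.
    if allowSignerYOBMatch and contract.year_of_birth != aadhaar.year_of_birth:
        mismatches.append("year_of_birth")
    if allowSignerGenderMatch and contract.gender.upper() != aadhaar.gender.upper():
        mismatches.append("gender")
    return not mismatches, mismatches


# Constructed sample data, not real signer records.
CONTRACT = SignerDetails("Asha Verma", "F", 1990)
FROM_AADHAAR_OK = SignerDetails("Asha  verma", "F", 1990)
FROM_AADHAAR_YOB = SignerDetails("Asha Verma", "F", 1991)
FROM_AADHAAR_OTHER = SignerDetails("Rohit Sharma", "M", 1985)

if __name__ == "__main__":
    for label, got in [("match", FROM_AADHAAR_OK),
                       ("wrong year of birth", FROM_AADHAAR_YOB),
                       ("different person", FROM_AADHAAR_OTHER)]:
        print(label, validate_signer(CONTRACT, got, 80, True, True))
```

The returned list of mismatched fields corresponds to what a reviewer would expect to see flagged for the signer; a failed name gate reports only the name, since the other checks are never reached.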